CVE-2026-5816 Improper Resolution of Path Equivalence in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

CVE-2026-31512

Mode C CVE-2026-31512 affects the Linux kernel Bluetooth L2CAP path. The vulnerability arises in l2cap_ecred_data_rcv() where the SDU length is read from skb->data using get_unaligned_le16() without first ensuring skb contains at least 2 bytes (L2CAP_SDULEN_SIZE). If skb->len

EUVD-2026-24688

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

GitLab 18.10 < 18.10.4 / 18.11 < 18.11.1 (CVE-2026-5816)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript...

PT-2026-34524

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE before 18.10.4 and...

PT-2026-34520

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where improper path validation under certain conditions could allow an unauthenticated user to execute arbitrary JavaScript in ...

WordPress plugin HTTP Headers 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

SUSE SLES15 Security Update : flatpak (SUSE-SU-2026:1511-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1511-1 advisory. - CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. - CVE-2026-34079: Arbitrary...

CVE-2026-40931

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but...

CVE-2026-40931 Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but...

CVE-2026-40931

CVE-2026-40931 affects the node module compressing up to versions 2.1.0 and 1.10.4/2.0.1 patching CVE-2026-24884. The root cause is a string-based path check in isPathWithinParent that validates resolved paths without accounting for filesystem state, enabling a Directory Poisoning bypass via pre-...

CVE-2026-40923 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...

CVE-2026-40938 Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

CVE-2026-40876

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

CVE-2026-40876 SFTP root escape via prefix-based path validation in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

CVE-2026-40876 SFTP root escape via prefix-based path validation in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

CVE-2026-40876

CVE-2026-40876 (goshs) describes an SFTP jail-escape due to a prefix-based path validation bug in the sftpserver.helper.go sanitizePath implementation. The code uses a raw string-prefix check to validate the target path against the configured root, which allows a sibling path (e.g., /tmp/goshsroo...

Security update for flatpak

This update for flatpak fixes the following issues: CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation bsc1261770. Patch Instructions: To install this SUSE upda...

SUSE-SU-2026:1511-1 Security update for flatpak

This update for flatpak fixes the following issues: - CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. - CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation bsc1261770...